Why does including plaintext versions of emails increase bot activity?
Michael Ko
Co-founder & CEO, Suped
Published 19 Apr 2025
Updated 19 Aug 2025
For years, the recommendation for email marketers and senders has been to include both an HTML and a plaintext version of an email. This is considered a best practice for accessibility, deliverability, and ensuring your message is readable across all email clients. However, something curious emerged during an A/B test I ran: including the plaintext version appeared to increase bot activity, specifically clicks, with the majority of affected subscribers being corporate Outlook users. This observation raises the question: why would a recommended practice lead to inflated bot metrics?
The increase in bot activity can skew campaign metrics, making it difficult to gauge true engagement and return on investment. If you're seeing unexpected spikes in open or click rates, it's crucial to understand the underlying causes rather than assume genuine user engagement. This investigation helps in refining your email strategy and ensures you are reaching actual human recipients, not just automated systems.
The role of email security systems
Email security systems are the primary culprits behind increased bot activity. These systems, often deployed by large corporations or internet service providers (ISPs), employ automated programs or bots to scan incoming emails for threats like malware, phishing attempts, and spam. They mimic human interaction by opening emails and clicking links to test their safety. This proactive scanning helps protect recipients but can significantly inflate your email metrics.
When an email is sent with both HTML and plaintext versions, it presents two distinct sets of content for these security bots to analyze. Some security scanners might primarily focus on the plaintext version, perhaps viewing it as a less complex or more direct representation of the email's content, or as a fallback for clients that don't render HTML. This dual exposure means that the security system processes the email twice, once for each format, leading to double the potential for bot interactions such as clicks or opens.
Additionally, corporate email environments, which heavily utilize security software, often have stricter filtering mechanisms. These systems might scrutinize plaintext emails more intensely, especially if they are designed to flag content that bypasses typical HTML rendering, which can include hidden tracking pixels or other suspicious elements. This extra layer of scrutiny can result in an increased number of automated clicks within the plaintext version of your emails.
Dual-version parsing and increased link exposure
When you include both HTML and plaintext versions, you're essentially providing two paths for security scanners to follow. While HTML is rich in formatting and features, plaintext is stripped down to the bare essentials. Some security tools, especially those that prioritize speed or are configured to be extra vigilant, might process the plaintext version because it's simpler and quicker to scan for malicious links or keywords without dealing with complex HTML rendering.
The observation of clicks occurring exclusively in the plaintext version is telling. It suggests that certain security filters might be specifically engaging with the plaintext part of the email and its links. This can happen if their heuristic analysis determines that a direct scan of the raw text is more effective for detecting hidden threats or verifying link destinations. It's not necessarily a sign of a problem with your email content, but rather an artifact of how these robust security systems operate.
HTML scanning
HTML emails are rendered by most modern email clients and are usually visually appealing. Security scanners analyze the HTML structure, embedded elements, and linked assets. Their goal is to identify malicious code, phishing attempts, or suspicious redirects that might not be immediately obvious in the visible content.
Rendering complexity: HTML content can be complex, potentially obscuring malicious elements within its structure.
Hidden links: Links might be hidden or disguised, requiring more advanced parsing.
Plaintext scanning
Plaintext emails are simply raw text without any formatting, images, or special elements. Security scanners might process this version as a quick, unadorned check for direct threats or to compare against the HTML version. It offers a clear view of all visible links.
Simplicity: Easier and faster for bots to parse due to lack of formatting.
Direct threat detection: Any suspicious URLs or keywords are immediately visible.
The key takeaway is that having both versions (HTML and plaintext) essentially doubles the surface area for security scans. While essential for user experience and deliverability, it also provides more entry points for security bots to interact with your content, potentially leading to an increase in reported bot clicks.
How to investigate and identify bot activity
To truly understand why your plaintext emails are seeing increased bot activity, you'll need to dig into your data. Start by identifying the recipient domains that exhibit this unusual click behavior. Once you have a list of these domains, you can perform MX record lookups to identify the specific mail exchange servers, and by extension, the security appliances (like Mimecast or Proofpoint) that are handling mail for those organizations. This can give you insights into the specific security vendors whose systems might be interacting with your plaintext links. You can use the dig command or online tools for this.
Example MX lookup command (bash):
dig MX example.com
Once you have identified potential security appliances, you can research their known behaviors regarding email scanning. Some security solutions are more aggressive in their link-following in both HTML and plaintext versions. This deeper understanding will help you differentiate between legitimate human engagement and automated security scans. Look for patterns like unusually high click rates with zero conversions or very short click-to-open times.
Identifying suspicious click patterns
Check timestamps: Bots often click links within milliseconds of an email being delivered.
Analyze user agents: Bots may have distinct user-agent strings that indicate non-human activity.
Geographic anomalies: Clicks from unexpected geographic locations could signal bot activity.
Repeated clicks: Multiple clicks from the same IP address in a short period might be bots.
It's important to remember that these bot clicks are typically a sign of robust security, not necessarily a negative for your deliverability. However, they can make your analytics misleading, so accurate identification is key for proper campaign assessment.
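The MX-to-gateway mapping and the timestamp and repeated-IP checks described above can be combined into one pass over a click log. The following is an added example, not code from the original article or from any ESP. The suffix map, the thresholds, the record fields and the idea that tracked links are tagged per MIME part ("text" or "html") are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative MX-suffix -> gateway map (assumption; extend from your own dig results).
GATEWAY_SUFFIXES = {"mimecast.com": "Mimecast", "pphosted.com": "Proofpoint",
                    "mail.protection.outlook.com": "Microsoft 365"}
FAST_CLICK = timedelta(seconds=5)     # assumed: click this soon after delivery
BURST_WINDOW = timedelta(seconds=10)  # assumed: window for repeated clicks per IP
BURST_COUNT = 3                       # assumed: clicks per IP inside the window

def gateway_for(mx_host):
    """Map an MX hostname (as printed by `dig +short MX`) to a gateway name."""
    host = mx_host.rstrip(".").lower()
    for suffix, name in GATEWAY_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return "unknown"

def classify_clicks(clicks, mx_by_domain):
    """Return ({click index: [reasons]}, {(gateway, part): (flagged, total)})."""
    flagged, by_ip = defaultdict(set), defaultdict(list)
    for i, c in enumerate(clicks):
        by_ip[c["ip"]].append((c["clicked"], i))
        if c["clicked"] - c["delivered"] <= FAST_CLICK:
            flagged[i].add("fast")
    for events in by_ip.values():
        events.sort()
        for s in range(len(events) - BURST_COUNT + 1):
            window = events[s:s + BURST_COUNT]
            if window[-1][0] - window[0][0] <= BURST_WINDOW:
                for _, i in window:
                    flagged[i].add("burst")
    stats = defaultdict(lambda: [0, 0])
    for i, c in enumerate(clicks):
        domain = c["recipient"].rsplit("@", 1)[1].lower()
        key = (gateway_for(mx_by_domain.get(domain, "")), c["part"])
        stats[key][0] += int(i in flagged)
        stats[key][1] += 1
    return {i: sorted(r) for i, r in flagged.items()}, {k: tuple(v) for k, v in stats.items()}

# Constructed sample data (not real traffic): MX answers and click events.
T0 = datetime(2025, 1, 1, 9, 0, 0)
SAMPLE_MX = {"corp.example": "inbound-1.mimecast.com.", "shop.example": "mx1.shop.example."}
SAMPLE_CLICKS = [
    {"recipient": r, "ip": ip, "delivered": T0, "clicked": T0 + timedelta(seconds=s), "part": p}
    for r, ip, s, p in [
        ("a@corp.example", "203.0.113.7", 1, "text"), ("b@corp.example", "203.0.113.7", 2, "text"),
        ("c@corp.example", "203.0.113.7", 3, "text"), ("e@corp.example", "192.0.2.55", 1800, "html"),
        ("d@shop.example", "198.51.100.20", 3600, "html")]]
```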
Mitigating inflated metrics and protecting deliverability
While you can't prevent security bots from scanning your emails, you can mitigate their impact on your metrics. Most email service providers (ESPs) offer some form of bot filtering or the ability to exclude certain IP ranges or user agents from your reports. If you identify specific corporate security appliances that consistently generate bot clicks, you might be able to filter their activity from your engagement data. This ensures that your campaign performance is measured against actual human interaction.
Maintaining a good sender reputation is paramount. Even with bot activity, ensuring your emails are properly authenticated with SPF, DKIM, and DMARC is essential. These protocols signal to ISPs and security systems that your emails are legitimate, reducing the likelihood of them being flagged as suspicious or ending up on a blacklist (or blocklist). Regularly monitoring your domain's health and deliverability performance helps catch potential issues early.
Ultimately, including a plaintext version of your email remains a critical best practice for deliverability and accessibility. While it may lead to slightly inflated bot activity in your reports due to security scans, the benefits of ensuring your email is readable by all clients, including those with accessibility needs or restrictive viewing environments, far outweigh the analytical inconvenience. Focus on understanding the source of bot clicks rather than eliminating the plaintext version altogether.
Views from the trenches
Best practices
Always include a plaintext version for accessibility and deliverability benefits.
Use robust email authentication (SPF, DKIM, DMARC) to build and maintain sender trust.
Regularly monitor your email analytics for unusual click patterns or spikes.
Segment your audience and track engagement for different email client types.
Work with your ESP to understand and leverage their bot filtering capabilities.
Common pitfalls
Panicking over inflated click rates without investigating the source (security bots).
Removing plaintext versions of emails, which harms accessibility and deliverability.
Not configuring email authentication properly, leading to lower inbox placement.
Ignoring specific corporate domains where bot activity is concentrated.
Relying solely on reported click rates without cross-referencing with conversions.
Expert tips
Distinguish between legitimate bot activity from security scanners and malicious bots. Security bots are generally harmless.
Analyze click data at a granular level, looking at IP addresses and user agents to identify bot signatures.
Consider engaging with IT departments of major recipient organizations if bot activity is significantly impacting your metrics.
Implement a double opt-in process to ensure your subscriber list consists of truly engaged human users.
Keep an eye on industry trends regarding email security systems and their scanning behaviors.
Expert view
Expert from Email Geeks says they haven't commonly heard about plaintext versions explicitly increasing bot activity, but that many people might not be actively looking for it.
2021-02-18 - Email Geeks
Expert view
Expert from Email Geeks says corporate malware filters will follow links if they appear dubious to their heuristics, and that if links are present in both plain and rich text, there is a higher likelihood of them being followed.
2021-02-18 - Email Geeks
Navigating bot activity in email marketing
The phenomenon of increased bot activity due to plaintext email versions is a nuanced challenge in email deliverability. It highlights the constant tension between adhering to best practices for accessibility and facing the realities of advanced email security systems. While these security scans can inflate your metrics, they are a sign of robust protection for your recipients. Your focus should be on understanding the source of these clicks and adapting your analytical approach, rather than abandoning the beneficial practice of including plaintext emails.
By actively investigating the domains and MX records involved, and by applying proper bot filtering techniques, you can ensure that your email marketing efforts are accurately measured. This proactive stance helps maintain the integrity of your campaign data and allows you to continue sending effective, accessible emails that reach their intended audience.